apache dso and Mod_ssl
I know i ask a connex question but ... is there a way to get a compiled-Mod_ssl that works on DSO compiled apache (without EAPI) ??? because i still don't find websphere module sources and i need to have Websphere and SSL on a unique instance (because : i do authenticate client by certificat with Websphere, it gets the HTTPS's info from SSL cert and use it to provide Access right and such ... ) ... it was working well with iplanet and i hope to make it work the same way with apache ... THX __ D O T E A S Y - Join the web hosting revolution! http://www.doteasy.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Mod_SSL for Windows 2000/NT/XP
-- Original Message -- I guess this is what you're looking for: http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip I'm somewhat confused. I downloaded and uncompressed the above archive, uncompressed and was delighted to find that mod_ssl was present in the modules directory. But I couldn't find any openssl.exe and, from what I gather, I need this www.openssl.org/download/win32 ?? :) executable/toolkit to generate a key pair and CSR? I'm a bit new to web server security and have just had responsibility thrust upon me, so I thank you all for your patience :) Kind regards, Brendan Lloyd __ D O T E A S Y - Join the web hosting revolution! http://www.doteasy.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Apache Websphere application server
thanx a lot for all but (yes there is a but :( ) i use Websphere to authenticate client from there certificat ... (websphere does evrything here ... ) and so i need to share information on the server between mod_app_server and mod_ssl ... (it works on Iplanet ... i need the same fonctionnality) but i don't knew how i could use mod_proxy so ... thanxs a lot anyway :) -- Original Message -- From: Marco A. Zamora Cunningham [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 16 Jul 2002 17:32:47 -0500 You'll have to either get IBM to provide you with an EAPI-compiled WebSphere DSO or set up two copies of Apache, one SSL and one non-SSL. yes i've think about this (when i was testing) but the point is : I need to provide Https pages with Websphere and i need to use Apache as front server You can always put up the SSL-aware Apache in front of the non-SSL Websphere one: Config inside the frontmost SSL Apache: ProxyPass / http://127.0.01:websphere_server_port/ ProxyPassReverse / http://127.0.01:websphere_server_port/ And set up the backend Websphere one to listen only on the loopback interface: Listen 127.0.0.1:websphere_server_port (Obviously, substitute websphere_server_port with whatever port you'd like it to listen on.) Additionally, if you really need to see the IP of the connecting client on the backend server (for example, so your access logs show the real IP), you can do a little trick with mod_perl (provided, of course, you've got mod_perl on both servers): On the front SSL server (single line in case it wraps)[1]: PerlHeaderParserHandler sub {my($r)=shift;$r-headers_in-add('X-Forwarded-For'=$r-connection-remote_ ip())} On the back Websphere server (also on a single line)[2]: PerlHeaderParserHandler sub {my($r)=shift;$r-connection-remote_ip((split(/,\s*/,$r-headers_in-merge( 'X-Forwarded-For')))[-1])} In case there isn't mod_perl on the backend server, there might be some other way to act on the standard proxying X-Forwarded-For header (maybe websphere can do it by itself?). Hope it helps... Marco Zamora [1] Note for mod_perl-heads: Yes, it really is $r-headers_in. Remember that on proxy connections, the INcoming headers are the ones forwarded on to the target server. [2] The fancy (split[...]merge)[-1] stuff is just a way of parsing out the *last* IP in the possible chain of X-Forwarded-For headers. We can't just use the header_in method because it returns the first one. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ D O T E A S Y - Join the web hosting revolution! http://www.doteasy.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Failure to load mod_ssl under NT/apache 2.0
-- Original Message -- From: Alex Moon [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 17 Jul 2002 11:37:20 +0100 I've been trying to get apache 2.0.39 +modssl to work under winNT. But i am failing at what seems like the first hurdle i.e. i cannot seem to get the apache mod_ssl.so module to load. It comes up with the following: with apache 1.3.2* under windows (not cygwin) you had to load .DDL and not .SO maybe it a way to search Cannot load C:/apache2/modules/mod_ssl.so into server: The operating system cannot run %1 Any ideas greatfully received as I cannot see what I have done wrong, Alex Technical Manager Online Learning Support Unit Middlesex University Business School [EMAIL PROTECTED] 020 8411 5092 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ D O T E A S Y - Join the web hosting revolution! http://www.doteasy.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Failure to load mod_ssl under NT/apache 2.0
-- Original Message -- From: hunter [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 17 Jul 2002 09:22:37 -0400 arcean wrote: -- Original Message -- From: Alex Moon [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 17 Jul 2002 11:37:20 +0100 I've been trying to get apache 2.0.39 +modssl to work under winNT. But i am failing at what seems like the first hurdle i.e. i cannot seem to get the apache mod_ssl.so module to load. It comes up with the following: with apache 1.3.2* under windows (not cygwin) you had to load .DDL and not .SO maybe it a way to search [over load sniped ... ] I said : with apache 1.3.2* under windows (not cygwin) you had to load .DDL ^^^^^ not cygwin, native win32 if you prefer (with DLL) 1.3.2* like 1.3.20 or 1.3.26 ... not 1.0.39 (not sure it existes) i know my english is bad but with cygwin i never try I have not done this for several weeks and maybe the distribution has changed, but... mod_ssl.so was not built with Apache 1.0.39 ...you have to build it. 1. place openssl into ?:\httpd-2.0.39\srclib ... there are instructions somewhere to follow... 2. follow the instructions in openssl and build it ... you need masm7, perl, vc6, etc. 3. build apache ... it finds openssl and builds mod_ssl.so ... you need awk, bison, sed and flex (new cygwin) ... I had to get newer version of cygwin before it worked, but then the newer perl was a problem. ... older perl must be in path before cygwin After it all comes to gether you can use nmake -f makefile.win installr Then I had trouble making certs... Try these hints ... I will make more detailed instructions later if needed but I think the newer packages (must) probably work better than what I used ... but I have not checked. I will have to download new source and try again to know what the situation is and I am sorry but I have to run off to work. Later, ok? Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ D O T E A S Y - Join the web hosting revolution! http://www.doteasy.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Apache Websphere application server
hello *, I trying to make apache, SSL and Websphere works together ... and i have the famous probleme loaded DSO /apps/[..]/mod_app_server.so uses plain Apache api ... this module migth crash ... re compile it with -DEAPI my probleme is : i don't have the source code of the websphere plugin ... do you know a way to use mod_ssl without compiling apache or compiling apache to perfectly support the old way DSO module ?? thanx by advance -- arno __ D O T E A S Y - Join the web hosting revolution! http://www.doteasy.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]